[389-users] Windows Sync
Nathan Kinder
nkinder at redhat.com
Tue Jul 27 17:39:35 UTC 2010
On 07/27/2010 10:21 AM, --[ UxBoD ]-- wrote:
> Hi,
>
> We have a Windows replication agreement in place which works great; plus we are using the PassSync on the Windows server itself. The issue we have is that when somebody changed their password on the Windows server it has got stuck due to a Constraint Violation on previous passwords and this is stopping any further password changes from that user. Is there anyway to remove that entry from a database somewhere ? I am guessing it may be secmod.db on the Windows server ?
>
The password changes are not kept in secmod.db. They changes are kept
in the passhook.dat file in the system32 directory. This file is
encrypted, so there's not an easy way to remove the one problematic
change from that file. I believe that you could stop the Password Sync
Service and remove passhook.dat to clear things out, but you will lose
whatever password changes are queued up. New changes should be sync'd
fine at that point though.
More information about the 389-users
mailing list